On Mar 21, 2019, at 6:50 PM, John Levine <jo...@taugh.com> wrote:
> I believe that for DoT, the idea is that the client just probes the
> DNS server address on port 853 and uses it if it gets an answer. I
> suppose you could try the same thing on port 443 but that seems
> riskier.
This is a workaround for the absence of a way that the network can signal that the local resolver speaks DNS-over-TLS. It would be nice if there were a way to explicitly signal the availability of this functionality, so that the stub resolver didn’t have to probe for it. I think this is only relevant to DNS-over-TLS, however—I don’t think there’s any reason to use DoH if you trust the local resolver.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
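The port-853 probe the quoted message describes, as an added example that is not part of this thread or of any resolver implementation: it builds a DNS query, sends it over TLS with the length-prefixed framing DoT inherits from DNS-over-TCP (RFC 7858), and treats the resolver as DoT-capable only if a reply with a matching ID and the QR bit comes back. The function and parameter names (probe_dot, build_query, auth_name) and the resolver address are assumptions; with no authentication name the probe is opportunistic and cannot tell you who answered.

```python
import socket
import ssl
import struct

def build_query(name, qid=0x1234):
    """Minimal DNS A query in RFC 1035 wire format, RD=1 (constructed sample input)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def frame(msg):
    """DoT (RFC 7858) reuses DNS-over-TCP framing: a 2-byte big-endian length prefix."""
    return struct.pack("!H", len(msg)) + msg

def is_valid_reply(query, reply):
    """Accept a reply only if its ID matches, QR=1, and it echoes our question section."""
    if len(reply) < len(query) or reply[:2] != query[:2]:
        return False
    flags = struct.unpack("!H", reply[2:4])[0]
    if not flags & 0x8000:  # QR bit: must be a response, not an echoed query
        return False
    return reply[12:len(query)] == query[12:]

def probe_dot(resolver_ip, auth_name=None, timeout=3.0):
    """Probe resolver_ip:853. True only if TLS comes up and a matching DNS reply returns.
    auth_name=None is an opportunistic probe (assumed mode): the certificate is not
    verified, so a True result shows the port speaks DoT, not that the resolver is the
    one you expect. Pass the resolver's authentication domain name to verify it."""
    ctx = ssl.create_default_context()
    if auth_name is None:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    query = build_query("example.com")
    try:
        with socket.create_connection((resolver_ip, 853), timeout=timeout) as tcp:
            with ctx.wrap_socket(tcp, server_hostname=auth_name) as tls:
                tls.sendall(frame(query))
                hdr = tls.recv(2)
                if len(hdr) < 2:
                    return False
                need = struct.unpack("!H", hdr)[0]
                reply = b""
                while len(reply) < need:  # read exactly one length-prefixed message
                    chunk = tls.recv(need - len(reply))
                    if not chunk:
                        return False
                    reply += chunk
                return is_valid_reply(query, reply)
    except OSError:  # refused, timed out, TLS failure (ssl.SSLError is an OSError)
        return False
```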